Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b02d26ad by security tracker role at 2019-03-25T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2019-10043
+       RESERVED
+CVE-2019-10042 (The D-Link DIR-816 A2 1.11 router only checks the random token 
when au ...)
+       TODO: check
+CVE-2019-10041 (The D-Link DIR-816 A2 1.11 router only checks the random token 
when au ...)
+       TODO: check
+CVE-2019-10040 (The D-Link DIR-816 A2 1.11 router only checks the random token 
when au ...)
+       TODO: check
+CVE-2019-10039 (The D-Link DIR-816 A2 1.11 router only checks the random token 
when au ...)
+       TODO: check
+CVE-2019-10038
+       RESERVED
+CVE-2019-10037
+       RESERVED
+CVE-2019-10036
+       RESERVED
+CVE-2019-10035
+       RESERVED
+CVE-2019-10034
+       RESERVED
+CVE-2019-10033
+       RESERVED
+CVE-2019-10032
+       RESERVED
+CVE-2019-10031
+       RESERVED
+CVE-2019-10030
+       RESERVED
+CVE-2019-10029
+       RESERVED
+CVE-2019-10028
+       RESERVED
 CVE-2019-10027 (PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka 
E-mail) field  ...)
        NOT-FOR-US: PHPCMS
 CVE-2019-10026 (An issue was discovered in Xpdf 4.01.01. There is an FPE in 
the functi ...)
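Review bot: the four new D-Link DIR-816 entries (CVE-2019-10042 down to CVE-2019-10039) are each left at "TODO: check" although all four describe the same router firmware; the DIR-816 is a hardware appliance rather than a Debian package, so they can be closed in one pass with "NOT-FOR-US: D-Link DIR-816", the same form used for the PHPCMS entry in the context lines directly below them.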
@@ -82,10 +114,10 @@ CVE-2019-9973
        RESERVED
 CVE-2019-10013
        RESERVED
-CVE-2019-10012
-       RESERVED
-CVE-2019-10011
-       RESERVED
+CVE-2019-10012 (Jenzabar JICS (aka Internet Campus Solution) before 9 allows 
remote at ...)
+       TODO: check
+CVE-2019-10011 (ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka 
Internet Campu ...)
+       TODO: check
 CVE-2019-10010 (Cross-site scripting (XSS) vulnerability in the PHP League 
CommonMark  ...)
        NOT-FOR-US: PHP League CommonMark library
 CVE-2019-10009
@@ -230,6 +262,7 @@ CVE-2019-9926
 CVE-2019-9925 (S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. ...)
        NOT-FOR-US: S-CMS PHP
 CVE-2019-9924 (rbash in Bash before 4.4-beta2 did not prevent the shell user 
from mod ...)
+       {DLA-1726-1}
        - bash 4.4-1 (low)
        NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441
 CVE-2019-9923 (pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL 
pointe ...)
@@ -952,6 +985,8 @@ CVE-2019-1010002
 CVE-2019-1010001
        RESERVED
 CVE-2019-6341 [SA-CORE-2019-004]
+       RESERVED
+       {DSA-4412-1}
        - drupal7 <removed> (bug #925176)
        NOTE: https://www.drupal.org/SA-CORE-2019-004
 CVE-2019-9893 (libseccomp before 2.4.0 did not correctly generate 64-bit 
syscall argu ...)
@@ -1153,7 +1188,7 @@ CVE-2019-9814
        RESERVED
 CVE-2019-9813
        RESERVED
-       {DSA-4417-1}
+       {DSA-4417-1 DLA-1727-1}
        - firefox 66.0.1-1
        - firefox-esr 60.6.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
@@ -1164,7 +1199,7 @@ CVE-2019-9811
        RESERVED
 CVE-2019-9810
        RESERVED
-       {DSA-4417-1}
+       {DSA-4417-1 DLA-1727-1}
        - firefox 66.0.1-1
        - firefox-esr 60.6.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810
@@ -6383,18 +6418,18 @@ CVE-2019-7615
        RESERVED
 CVE-2019-7614
        RESERVED
-CVE-2019-7613
-       RESERVED
-CVE-2019-7612
-       RESERVED
-CVE-2019-7611
-       RESERVED
-CVE-2019-7610
-       RESERVED
-CVE-2019-7609
-       RESERVED
-CVE-2019-7608
-       RESERVED
+CVE-2019-7613 (Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient 
loggin ...)
+       TODO: check
+CVE-2019-7612 (A sensitive data disclosure flaw was found in the way Logstash 
version ...)
+       TODO: check
+CVE-2019-7611 (A permission issue was found in Elasticsearch versions before 
5.6.15 a ...)
+       TODO: check
+CVE-2019-7610 (Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary 
code exec ...)
+       TODO: check
+CVE-2019-7609 (Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary 
code exec ...)
+       TODO: check
+CVE-2019-7608 (Kibana versions before 5.6.15 and 6.6.1 had a cross-site 
scripting (XS ...)
+       TODO: check
 CVE-2019-7607
        RESERVED
 CVE-2019-7606
@@ -9905,8 +9940,7 @@ CVE-2019-6242 (** DISPUTED ** Kentico v10.0.42 allows 
Global Administrators to r
        NOT-FOR-US: Kentico
 CVE-2019-6241
        RESERVED
-CVE-2019-6240 [Arbitrary repo read in Gitlab project import]
-       RESERVED
+CVE-2019-6240 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.7+dfsg-1 (bug #919822)
        NOTE: 
https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
 CVE-2018-20699 (Docker Engine before 18.09 allows attackers to cause a denial 
of servi ...)
@@ -10211,7 +10245,7 @@ CVE-2019-6113
 CVE-2019-6112
        RESERVED
 CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp 
implementation  ...)
-       {DSA-4387-2 DSA-4387-1}
+       {DSA-4387-2 DSA-4387-1 DLA-1728-1}
        - openssh 1:7.9p1-9 (bug #923486)
        NOTE: 
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
        NOTE: 
https://github.com/openssh/openssh-portable/commit/391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
@@ -10223,7 +10257,7 @@ CVE-2019-6110 (In OpenSSH 7.9, due to accepting and 
displaying arbitrary stderr
        NOTE: Not considered a vulnerability by upstream, cf.
        NOTE: 
https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037475.html
 CVE-2019-6109 (An issue was discovered in OpenSSH 7.9. Due to missing 
character encod ...)
-       {DSA-4387-1}
+       {DSA-4387-1 DLA-1728-1}
        - openssh 1:7.9p1-6 (bug #793412)
        NOTE: 
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
        NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=2434
@@ -11031,7 +11065,7 @@ CVE-2019-5754 (Implementation error in QUIC Networking 
in Google Chrome prior to
        {DSA-4395-1}
        - chromium 72.0.3626.81-1
 CVE-2018-20685 (In OpenSSH 7.9, scp.c in the scp client allows remote SSH 
servers to b ...)
-       {DSA-4387-1}
+       {DSA-4387-1 DLA-1728-1}
        - openssh 1:7.9p1-5 (bug #919101)
        NOTE: 
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
        NOTE: 
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
@@ -14657,8 +14691,8 @@ CVE-2019-4048
        RESERVED
 CVE-2019-4047
        RESERVED
-CVE-2019-4046
-       RESERVED
+CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable  ...)
+       TODO: check
 CVE-2019-4045
        RESERVED
 CVE-2019-4044
@@ -15002,8 +15036,8 @@ CVE-2019-3881
        RESERVED
 CVE-2019-3880
        RESERVED
-CVE-2019-3879
-       RESERVED
+CVE-2019-3879 (It was discovered that in the ovirt's REST API before version 
4.3.2.1, ...)
+       TODO: check
 CVE-2019-3878 [authentication bypass in ECP flow]
        RESERVED
        {DSA-4414-1}
@@ -15022,8 +15056,7 @@ CVE-2019-3876
        RESERVED
 CVE-2019-3875
        RESERVED
-CVE-2019-3874 [SCTP socket buffer memory leak leading to denial of service]
-       RESERVED
+CVE-2019-3874 (The SCTP socket buffer used by a userspace application is not 
accounte ...)
        - linux <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686373
 CVE-2019-3873
@@ -15049,8 +15082,7 @@ CVE-2019-3865
        RESERVED
 CVE-2019-3864
        RESERVED
-CVE-2019-3863 [Integer overflow in user authenicate keyboard interactive 
allows out-of-bounds writes]
-       RESERVED
+CVE-2019-3863 (A flaw was found in libssh2 before 1.8.1. A server could send a 
multip ...)
        - libssh2 <unfixed> (bug #924965)
        NOTE: https://www.libssh2.org/CVE-2019-3863.html
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.patch
@@ -15060,14 +15092,12 @@ CVE-2019-3862 (An out of bounds read flaw was 
discovered in libssh2 before 1.8.1
        NOTE: https://libssh2.org/CVE-2019-3862.html
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
        NOTE: https://github.com/libssh2/libssh2/pull/316
-CVE-2019-3861 [Out-of-bounds reads with specially crafted SSH packets]
-       RESERVED
+CVE-2019-3861 (An out of bounds read flaw was discovered in libssh2 before 
1.8.1 in t ...)
        - libssh2 <unfixed> (bug #924965)
        NOTE: https://libssh2.org/CVE-2019-3861.html
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
        NOTE: https://github.com/libssh2/libssh2/pull/316
-CVE-2019-3860 [Out-of-bounds reads with specially crafted SFTP packets]
-       RESERVED
+CVE-2019-3860 (An out of bounds read flaw was discovered in libssh2 before 
1.8.1 in t ...)
        - libssh2 <unfixed> (bug #924965)
        NOTE: https://libssh2.org/CVE-2019-3860.html
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
@@ -15082,14 +15112,12 @@ CVE-2019-3858 (An out of bounds read flaw was 
discovered in libssh2 before 1.8.1
        NOTE: https://libssh2.org/CVE-2019-3858.html
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
        NOTE: https://github.com/libssh2/libssh2/pull/316
-CVE-2019-3857 [Possible integer overflow leading to zero-byte allocation and 
out-of-bounds write]
-       RESERVED
+CVE-2019-3857 (An integer overflow flaw which could lead to an out of bounds 
write wa ...)
        - libssh2 <unfixed> (bug #924965)
        NOTE: https://www.libssh2.org/CVE-2019-3857.html
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
        NOTE: https://github.com/libssh2/libssh2/pull/315
-CVE-2019-3856 [Possible integer overflow in keyboard interactive handling 
allows out-of-bounds write]
-       RESERVED
+CVE-2019-3856 (An integer overflow flaw, which could lead to an out of bounds 
write,  ...)
        - libssh2 <unfixed> (bug #924965)
        NOTE: https://www.libssh2.org/CVE-2019-3856.html
        NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
@@ -15125,8 +15153,7 @@ CVE-2019-3843
        RESERVED
 CVE-2019-3842
        RESERVED
-CVE-2019-3841
-       RESERVED
+CVE-2019-3841 (Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, 
were re ...)
        NOT-FOR-US: KubeVirt
 CVE-2019-3840 [NULL pointer dereference after running qemuAgentCommand in 
qemuAgentGetInterfaces function]
        RESERVED
@@ -15138,8 +15165,7 @@ CVE-2019-3840 [NULL pointer dereference after running 
qemuAgentCommand in qemuAg
        NOTE: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
 CVE-2019-3839
        RESERVED
-CVE-2019-3838 [forceput in DefineResource is still accessible]
-       RESERVED
+CVE-2019-3838 (It was found that the forceput operator could be extracted from 
the De ...)
        [experimental] - ghostscript 9.27~~dc1~dfsg-1
        - ghostscript <unfixed> (bug #925257)
        NOTE: https://www.openwall.com/lists/oss-security/2019/03/21/1
@@ -15150,8 +15176,7 @@ CVE-2019-3837
        RESERVED
 CVE-2019-3836
        RESERVED
-CVE-2019-3835 [superexec operator is available]
-       RESERVED
+CVE-2019-3835 (It was found that the superexec operator was available in the 
internal ...)
        [experimental] - ghostscript 9.27~~dc1~dfsg-1
        - ghostscript <unfixed> (bug #925256)
        NOTE: https://www.openwall.com/lists/oss-security/2019/03/21/1
@@ -15169,8 +15194,7 @@ CVE-2019-3832 (It was discovered the fix for 
CVE-2018-19758 (libsndfile) was not
        NOTE: 
https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436
        NOTE: https://github.com/erikd/libsndfile/pull/460
        NOTE: 
https://github.com/erikd/libsndfile/commit/6d7ce94c020cc720a6b28719d1a7879181790008
-CVE-2019-3831
-       RESERVED
+CVE-2019-3831 (A vulnerability was discovered in vdsm, version 4.19 through 
4.30.3 an ...)
        - vdsm <itp> (bug #668538)
 CVE-2019-3830 [ceilometer-agent prints sensitive data from config files 
through log files]
        RESERVED
@@ -15185,8 +15209,7 @@ CVE-2019-3828 [path traversal in the fetch module]
        [jessie] - ansible <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1676689
        NOTE: https://github.com/ansible/ansible/pull/52133
-CVE-2019-3827 [Incorrect authorization in admin backend allows privileged 
users to read and modify arbitrary files without prompting for password]
-       RESERVED
+CVE-2019-3827 (An incorrect permission check in the admin backend in gvfs 
before vers ...)
        - gvfs 1.38.1-3 (bug #921816)
        [jessie] - gvfs <not-affected> (Vulnerable code not present)
        NOTE: https://gitlab.gnome.org/GNOME/gvfs/issues/355
@@ -15272,18 +15295,15 @@ CVE-2019-3811 (A vulnerability was found in sssd. If 
a user was configured with
        NOTE: Pull request: https://github.com/SSSD/sssd/pull/703
        NOTE: Fixed by: 
https://github.com/SSSD/sssd/commit/90f32399b4100ce39cf665649fde82d215e5eb49 
(master)
        NOTE: Fixed by: 
https://github.com/SSSD/sssd/commit/28792523a01a7d21bcc8931794164f253e691a68 
(sssd-1-16)
-CVE-2019-3810
-       RESERVED
+CVE-2019-3810 (A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 
3.4 to ...)
        - moodle <removed>
        NOTE: https://moodle.org/mod/forum/discuss.php?d=381230#p1536767
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372
-CVE-2019-3809
-       RESERVED
+CVE-2019-3809 (A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier 
unsuppor ...)
        - moodle <removed>
        NOTE: https://moodle.org/mod/forum/discuss.php?d=381229#p1536766
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222
-CVE-2019-3808
-       RESERVED
+CVE-2019-3808 (A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 
3.4 to ...)
        - moodle <removed>
        NOTE: https://moodle.org/mod/forum/discuss.php?d=381228#p1536765
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395
@@ -16060,24 +16080,24 @@ CVE-2019-3486
        RESERVED
 CVE-2019-3485
        RESERVED
-CVE-2019-3484
-       RESERVED
-CVE-2019-3483
-       RESERVED
-CVE-2019-3482
-       RESERVED
-CVE-2019-3481
-       RESERVED
-CVE-2019-3480
-       RESERVED
-CVE-2019-3479
-       RESERVED
+CVE-2019-3484 (Mitigates a remote code execution issue in ArcSight Logger 
versions pr ...)
+       TODO: check
+CVE-2019-3483 (Mitigates a potential information leakage issue in ArcSight 
Logger ver ...)
+       TODO: check
+CVE-2019-3482 (Mitigates a directory traversal issue in ArcSight Logger 
versions prio ...)
+       TODO: check
+CVE-2019-3481 (Mitigates a XML External Entity Parsing issue in ArcSight 
Logger versi ...)
+       TODO: check
+CVE-2019-3480 (Mitigates a stored/reflected XSS issue in ArcSight Logger 
versions pri ...)
+       TODO: check
+CVE-2019-3479 (Mitigates a potential remote code execution issue in ArcSight 
Logger v ...)
+       TODO: check
 CVE-2019-3478
        RESERVED
 CVE-2019-3477
        RESERVED
-CVE-2019-3476
-       RESERVED
+CVE-2019-3476 (Remote arbitrary code execution in Micro Focus Data Protector, 
version ...)
+       TODO: check
 CVE-2019-3475 (A local privilege escalation vulnerability in the famtd 
component of M ...)
        NOT-FOR-US: Micro Focus Filr
 CVE-2019-3474 (A path traversal vulnerability in the web application component 
of Mic ...)
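Review bot: the seven Micro Focus entries added here (CVE-2019-3484 through CVE-2019-3479 for ArcSight Logger and CVE-2019-3476 for Data Protector) all stay at "TODO: check", while CVE-2019-3475 in the context two lines below is already triaged as "NOT-FOR-US: Micro Focus Filr"; the same NOT-FOR-US triage applies to these proprietary products, so resolving them in this update would avoid leaving seven open TODOs for one vendor.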
@@ -17415,10 +17435,10 @@ CVE-2019-3398
        RESERVED
 CVE-2019-3397
        RESERVED
-CVE-2019-3396
-       RESERVED
-CVE-2019-3395
-       RESERVED
+CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server 
before versi ...)
+       TODO: check
+CVE-2019-3395 (The WebDAV endpoint in Atlassian Confluence Server and Data 
Center bef ...)
+       TODO: check
 CVE-2019-3394
        RESERVED
 CVE-2018-20298 (S3 Browser before 8.1.5 contains an XML external entity (XXE) 
vulnerab ...)
@@ -33231,8 +33251,7 @@ CVE-2018-16860
        RESERVED
 CVE-2018-16859 (Execution of Ansible playbooks on Windows platforms with 
PowerShell Sc ...)
        - ansible <not-affected> (Only issue when executing Ansible playbooks 
on Windows platforms)
-CVE-2018-16858 [Remote Code Execution via Macro/Event execution]
-       RESERVED
+CVE-2018-16858 (It was found that libreoffice before versions 6.0.7 and 6.1.3 
was vuln ...)
        {DSA-4381-1 DLA-1669-1}
        - libreoffice 1:6.1.3-1
        NOTE: 
https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
@@ -33340,8 +33359,7 @@ CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are 
vulnerable to a buffer o
        - curl 7.62.0-1
        NOTE: https://curl.haxx.se/docs/CVE-2018-16839.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
-CVE-2018-16838 [improper implementation of GPOs due to too restrictive 
permissions]
-       RESERVED
+CVE-2018-16838 (A flaw was found in sssd Group Policy Objects implementation. 
When the ...)
        - sssd <unfixed>
        [jessie] - sssd <not-affected> (GPO based access control introduced 
later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640820
@@ -33975,7 +33993,7 @@ CVE-2018-16599 (An issue was discovered in Amazon Web 
Services (AWS) FreeRTOS th
        NOT-FOR-US: FreeRTOS
 CVE-2018-16598 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS 
through  ...)
        NOT-FOR-US: FreeRTOS
-CVE-2018-16597 (An issue was discovered in the Linux kernel through 4.18.6. 
Incorrect  ...)
+CVE-2018-16597 (An issue was discovered in the Linux kernel before 4.8. 
Incorrect acce ...)
        - linux 4.8.5-1
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1106512
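Review bot: the replaced description for CVE-2018-16597 narrows the affected range from "through 4.18.6" to "before 4.8", which agrees with the recorded fix in linux 4.8.5-1, but it also places every older kernel inside the stated range, so the unchanged "[jessie] - linux <not-affected> (Vulnerable code not present)" line deserves a re-confirmation against the SUSE bug reference to be sure the vulnerable code really post-dates jessie's kernel.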
@@ -43858,10 +43876,10 @@ CVE-2018-12655 (Reflected Cross-Site Scripting (XSS) 
exists in the Circulation m
        NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12654 (Reflected Cross-Site Scripting (XSS) exists in the 
Bibliography module ...)
        NOT-FOR-US: SLiMS 8 Akasia
-CVE-2018-12653
-       RESERVED
-CVE-2018-12652
-       RESERVED
+CVE-2018-12653 (A Reflected Cross Site Scripting (XSS) Vulnerability was 
discovered in ...)
+       TODO: check
+CVE-2018-12652 (A Reflected Cross Site Scripting (XSS) Vulnerability was 
discovered in ...)
+       TODO: check
 CVE-2018-12651 (A Reflected Cross Site Scripting (XSS) Vulnerability was 
discovered in ...)
        NOT-FOR-US: Adrenalin HRMS
 CVE-2018-12650 (Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site 
Scripting ...)
@@ -53362,7 +53380,7 @@ CVE-2018-9259 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 
2.2.13, the MP4 dissecto
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2113179835b37549f245ac7c05ff2b96276893e4
        NOTE: https://www.wireshark.org/security/wnpa-sec-2018-15.html
 CVE-2018-9258 (In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. 
This was a ...)
-       {DLA-1388-1}
+       {DLA-1634-1 DLA-1388-1}
        - wireshark 2.4.6-1 (low)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14472
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2d4695de1477df60b0188fd581c0c279db601978
@@ -58636,7 +58654,7 @@ CVE-2018-7333 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 
2.2.12, epan/dissectors/
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bd6313181317bfe83842b27650b65f3c2b8d5dc9
        NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
 CVE-2018-7332 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, 
epan/dissectors/packe ...)
-       {DLA-1353-1}
+       {DLA-1634-1 DLA-1353-1}
        - wireshark 2.4.5-1 (low)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14445
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea
@@ -60537,7 +60555,7 @@ CVE-2018-6705 (Privilege escalation vulnerability in 
McAfee Agent (MA) for Linux
        NOT-FOR-US: McAfee
 CVE-2018-6704 (Privilege escalation vulnerability in McAfee Agent (MA) for 
Linux 5.0. ...)
        NOT-FOR-US: McAfee
-CVE-2018-6703 (Use After Free in McAfee Common service in McAfee Agent (MA) 
5.0.0 thr ...)
+CVE-2018-6703 (Use After Free in Remote logging (which is disabled by default) 
in McA ...)
        NOT-FOR-US: McAfee
 CVE-2018-6702
        RESERVED
@@ -103941,8 +103959,8 @@ CVE-2017-9378 (BigTree CMS through 4.2.18 does not 
prevent a user from deleting
        NOT-FOR-US: BigTree CMS
 CVE-2017-9377 (A command injection was identified on Barco ClickShare Base 
Unit devic ...)
        NOT-FOR-US: Barco ClickShare Base Unit device
-CVE-2017-9376
-       RESERVED
+CVE-2017-9376 (ManageEngine ServiceDesk Plus before 9314 contains a local file 
inclus ...)
+       TODO: check
 CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller 
emulato ...)
        {DSA-3991-1}
        - qemu 1:2.10.0-1 (bug #864219)
@@ -103983,8 +104001,8 @@ CVE-2017-9364 (Unrestricted File Upload exists in 
BigTree CMS through 4.2.18: if
        NOT-FOR-US: BigTree CMS
 CVE-2017-9363 (Untrusted Java serialization in Soffid IAM console before 1.7.5 
allows ...)
        NOT-FOR-US: Soffid IAM console
-CVE-2017-9362
-       RESERVED
+CVE-2017-9362 (ManageEngine ServiceDesk Plus before 9312 contains an XML 
injection at ...)
+       TODO: check
 CVE-2017-9361 (WebsiteBaker v2.10.0 has a stored XSS vulnerability in 
/account/detail ...)
        NOT-FOR-US: WebsiteBaker
 CVE-2017-9360 (WebsiteBaker v2.10.0 has a SQL injection vulnerability in 
/account/det ...)
@@ -110103,8 +110121,7 @@ CVE-2017-7511 (poppler since version 0.17.3 has been 
vulnerable to NULL pointer
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101153
        NOTE: Fixed by: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a
        NOTE: Crash in CLI tool, no security implications
-CVE-2017-7510
-       RESERVED
+CVE-2017-7510 (In ovirt-engine 4.1, if a host was provisioned with cloud-init, 
the ro ...)
        NOT-FOR-US: ovirt-engine
 CVE-2017-7509 (An input validation error was found in Red Hat Certificate 
System's ha ...)
        NOT-FOR-US: Red Hat Certificate System
@@ -131944,6 +131961,7 @@ CVE-2016-9422 (An issue was discovered in the Tatsuya 
Kinoshita w3m fork before
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/8
 CVE-2016-9401 (popd in bash might allow local users to bypass the restricted 
shell an ...)
+       {DLA-1726-1}
        - bash 4.4-3 (bug #844727)
        [wheezy] - bash <no-dsa> (Minor issue)
        NOTE: Upstream bash considers this issue only to be a bug.
@@ -175596,16 +175614,16 @@ CVE-2015-3958 (Hospira LifeCare PCA Infusion System 
5.0 and earlier, and possibl
        NOT-FOR-US: Hospira LifeCare
 CVE-2015-3957 (Hospira LifeCare PCA Infusion System before 7.0 stores private 
keys an ...)
        NOT-FOR-US: Hospira LifeCare
-CVE-2015-3956
-       RESERVED
+CVE-2015-3956 (Hospira Plum A+ Infusion System version 13.4 and prior, Plum 
A+3 Infus ...)
+       TODO: check
 CVE-2015-3955 (Stack-based buffer overflow in Hospira LifeCare PCA Infusion 
System 5. ...)
        NOT-FOR-US: Hospira LifeCare
-CVE-2015-3954
-       RESERVED
-CVE-2015-3953
-       RESERVED
-CVE-2015-3952
-       RESERVED
+CVE-2015-3954 (Hospira Plum A+ Infusion System version 13.4 and prior, Plum 
A+3 Infus ...)
+       TODO: check
+CVE-2015-3953 (Hard-coded accounts may be used to access Hospira Plum A+ 
Infusion Sys ...)
+       TODO: check
+CVE-2015-3952 (Wireless keys are stored in plain text on Hospira Plum A+ 
Infusion Sys ...)
+       TODO: check
 CVE-2015-3951 (RLE Nova-Wind Turbine HMI devices store cleartext credentials, 
which a ...)
        NOT-FOR-US: RLE Nova-Wind Turbines
 CVE-2015-3950 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR 
OS on  ...)
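Review bot: CVE-2015-3956 and CVE-2015-3954 through CVE-2015-3952 are added with "TODO: check", yet the surrounding context (CVE-2015-3957, CVE-2015-3955) already carries "NOT-FOR-US: Hospira LifeCare" for the same vendor's infusion systems; the Plum A+ entries are the same class of medical device and can be triaged directly as "NOT-FOR-US: Hospira Plum A+".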
@@ -185008,12 +185026,12 @@ CVE-2015-1016
        RESERVED
 CVE-2015-1015 (Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 
2.1, an ...)
        NOT-FOR-US: Omron CX-One
-CVE-2015-1014
-       RESERVED
+CVE-2015-1014 (A successful exploit of these vulnerabilities requires the 
local user  ...)
+       TODO: check
 CVE-2015-1013 (OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not 
ensure tha ...)
        NOT-FOR-US: OSIsoft PI AF and OSIsoft PI SQL for AF
-CVE-2015-1012
-       RESERVED
+CVE-2015-1012 (Wireless keys are stored in plain text on version 5 of the 
Hospira Lif ...)
+       TODO: check
 CVE-2015-1011 (Hospira LifeCare PCA Infusion System before 7.0 has hardcoded 
credenti ...)
        NOT-FOR-US: Hospira LifeCare
 CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier 
does n ...)
@@ -185022,8 +185040,8 @@ CVE-2015-1009 (Schneider Electric InduSoft Web Studio 
before 7.1.3.5 Patch 5 and
        NOT-FOR-US: Schneider Electric
 CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager 
before 13 al ...)
        NOT-FOR-US: Emerson AMS Device Manager
-CVE-2015-1007
-       RESERVED
+CVE-2015-1007 (A specially crafted configuration file could be used to cause a 
stack- ...)
+       TODO: check
 CVE-2015-1006
        RESERVED
 CVE-2015-1005 (IniNet embeddedWebServer (aka eWebServer) before 2.02 for 
Windows CE u ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b02d26adeed03a3c4ad139437d7ebc4dd2ccd059

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
